continuous integration

Auto Added by WPeMatico

A startup’s guide to software delivery

One of the biggest factors in the success of a startup is its ability to quickly and confidently deliver software. As more consumers interact with businesses through a digital interface and more products embrace those interfaces as the opportunity to differentiate, speed and agility are paramount. It’s what makes or breaks a company.

As your startup grows, it’s important that your software delivery strategy evolves with you. Your software processes and tool choices will naturally change as you scale, but optimizing too early or letting them grow without a clear vision of where you’re going can cost you precious time and agility. I’ve seen how the right choices can pay huge dividends — and how the wrong choices can lead to time-consuming problems that could have been avoided.

The key to success is consistency. Create a standard, then apply it to all delivery pipelines.

As we know from Conway’s law, your software architecture and your organizational structure are deeply linked. It turns out that how you deliver is greatly impacted by both organizational structure and architecture. This is true at every stage of a startup but even more important in relation to how startups go through rapid growth. Software delivery on a team of two people is vastly different from software delivery on a team of 200.

Decisions you make at key growth inflection points can set you up for either turbocharged growth or mounting roadblocks.

Founding stage: Keep it simple

The founding phase is the exciting exploratory phase. You have an idea and a few engineers.

The key during this phase is to keep the architecture and tooling as simple and flexible as possible. Building a company is all about execution, so get the tools you need to execute consistently and put the rest on hold.

One place you can invest without overdoing it is in continuous integration and continuous deployment (CI/CD). CI/CD enables developer teams to get feedback fast, learn from it, and deliver code changes quickly and reliably. While you’re trying to find product-market fit, learning fast is the name of the game. When systems start to become more complex, you’ll have the practices and tooling in place to handle them easily. By not having the ability to learn and adapt quickly, you give your competitors a massive edge.

One other place where early, simple investments really pay off is in operability. You want the simplest possible codebase: probably a monolith and a basic deploy. But if you don’t have some basic tools for observability, each user issue is going to take orders of magnitude longer than necessary to track down. That’s time you could be using to advance your feature set.

Your implementation here may be some placeholders with simple approaches. But those placeholders will force you to design effectively so that you can enhance later without massive rewrites.

Very early stage: Maintain efficiency and productivity

At 10 to 20 engineers, you likely don’t have a person dedicated to developer efficiency or tooling. Company priorities are still shifting, and although it may feel cumbersome for your team to be working as a single team, keep at it. Look for more fluid ways of creating independent workstreams without concrete team definitions or deep specialization. Your team will benefit from having everyone responsible for creating tools, processes and code rather than relying on a single person. In the long run, it will help foster efficiency and productivity.

Powered by WPeMatico

Cycode raises $20M to secure DevOps pipelines

Israeli security startup Cycode, which specializes in helping enterprises secure their DevOps pipelines and prevent code tampering, today announced that it has raised a $20 million Series A funding round led by Insight Partners. Seed investor YL Ventures also participated in this round, which brings the total funding in the company to $24.6 million.

Cycode’s focus was squarely on securing source code in its early days, but thanks to the advent of infrastructure as code (IaC), policies as code and similar processes, it has expanded its scope. In this context, it’s worth noting that Cycode’s tools are language and use case agnostic. To its tools, code is code.

“This ‘everything as code’ notion creates an opportunity because the code repositories, they become a single source of truth of what the operation should look like and how everything should function, Cycode CTO and co-founder Ronen Slavin told me. “So if we look at that and we understand it — the next phase is to verify this is indeed what’s happening, and then whenever something deviates from it, it’s probably something that you should look at and investigate.”

Cycode Dashboard

Cycode Dashboard. Image Credits: Cycode

The company’s service already provides the tools for managing code governance, leak detection, secret detection and access management. Recently it added its features for securing code that defines a business’ infrastructure; looking ahead, the team plans to add features like drift detection, integrity monitoring and alert prioritization.

“Cycode is here to protect the entire CI/CD pipeline — the development infrastructure — from end to end, from code to cloud,” Cycode CEO and co-founder Lior Levy told me.

“If we look at the landscape today, we can say that existing solutions in the market are kind of siloed, just like the DevOps stages used to be,” Levy explained. “They don’t really see the bigger picture, they don’t look at the pipeline from a holistic perspective. Essentially, this is causing them to generate thousands of alerts, which amplifies the problem even further, because not only don’t you get a holistic view, but also the noise level that comes from those thousands of alerts causes a lot of valuable time to get wasted on chasing down some irrelevant issues.”

What Cycode wants to do then is to break down these silos and integrate the relevant data from across a company’s CI/CD infrastructure, starting with the source code itself, which ideally allows the company to anticipate issues early on in the software life cycle. To do so, Cycode can pull in data from services like GitHub, GitLab, Bitbucket and Jenkins (among others) and scan it for security issues. Later this year, the company plans to integrate data from third-party security tools like Snyk and Checkmarx as well.

“The problem of protecting CI/CD tools like GitHub, Jenkins and AWS is a gap for virtually every enterprise,” said Jon Rosenbaum, principal at Insight Partners, who will join Cycode’s board of directors. “Cycode secures CI/CD pipelines in an elegant, developer-centric manner. This positions the company to be a leader within the new breed of application security companies — those that are rapidly expanding the market with solutions which secure every release without sacrificing velocity.”

The company plans to use the new funding to accelerate its R&D efforts, and expand its sales and marketing teams. Levy and Slavin expect that the company will grow to about 65 employees this year, spread between the development team in Israel and its sales and marketing operations in the U.S.

Powered by WPeMatico

Seven months after Drone acquisition, Harness announces significant updates

The running line from any CEO of an acquired company is that the company can do so much more with resources of the company that acquired it than it could on its own. Just seven months after being acquired, Drone co-founder Brad Rydzewski says that his company really has benefited greatly from being part of Harness, and today the company announced a significant overhaul of the open-source project.

The artist formerly known as Drone is now called “Harness CI Community Edition” and Rydzewski says the Harness CEO and founder Jyoti Bansal kept his word when he said he was 100% committed to continue developing the open-source Drone product.

“Over the past seven months since the acquisition, a lot of community work has been around taking advantage of the resources that Harness has been able to afford us as a project — like having access to a designer, having access to professional writers — these are luxuries for most open-source projects,” Rydzewski told me.

He says that having access to these additional resources has enabled him to bring a higher level of polish to the project that just wouldn’t have been possible without joining Harness. At the same time, he says the CI team, which has grown from the project’s two co-founders to 15 people, has also been able to build out the professional CI tool as it has become part of the Harness toolset.

Chief among the updates to the community edition is a new sleeker interface that has a much more professional look and feel, according to Rydzewski. In addition, developers can see how projects move along the pipeline in a visualization tool, while benefiting from real-time debugging tools and new governance and security features.

All of this is an embarrassment of riches for Rydzewski, who was used to working on a shoestring budget prior to joining Harness. “Drone came from very humble beginnings as an open-source project, but now I think it can hold its own next to any product in the market today, even products that have raised hundreds of millions of dollars,” he said.


Early Stage is the premier “how-to” event for startup entrepreneurs and investors. You’ll hear firsthand how some of the most successful founders and VCs build their businesses, raise money and manage their portfolios. We’ll cover every aspect of company building: Fundraising, recruiting, sales, product-market fit, PR, marketing and brand building. Each session also has audience participation built-in — there’s ample time included for audience questions and discussion. Use code “TCARTICLE” at checkout to get 20% off tickets right here.

Powered by WPeMatico

Harness delivers enterprise continuous integration on heels of Drone.io acquisition

In August, Harness made its first acquisition when it bought open-source continuous integration startup Drone.io. The company didn’t waste any time building on that purchase, announcing a new enterprise continuous integration tool today to go alongside the open-source project Drone has been building.

The Harness software development platform consists of various modules, and the latest one helps with continuous integration, which is the build and test process that happens before developers start deploying their code changes.

As Brad Rydzewski, co-founder at Drone.io, explained it at the time of the acquisition:

Drone is a continuous integration software. It helps developers to continuously build, test and deploy their code. The project was started in 2012, and it was the first cloud-native, container-native continuous integration solution on the market, and we open sourced it.

Bansal indicated at the time of the acquisition that he wanted to build on that open-source project and provide an enterprise commercial version, while continuing to support the open-source project.

“This is really the first product in the industry that is bringing AI and machine learning into optimizing the build and test process,” Bansal said. That intelligence layer is what separates it from the open-source version of the software, and the idea is to use machine learning to speed up the building and testing process.

The company is also announcing a new module around managing feature flags. These are elements developers leave in the code to limit the rollout of software, allowing them to see how the update is performing before rolling it out to the user base at large. The problem is as these flags proliferate, they become difficult to manage, and the new module is designed to help developers understand and control the flags that exist in their code.

Bansal says his goal for the company has been to put within reach of every developer the kind of automated software delivery pipeline that’s in place at the world’s largest tech companies.

“[Our goal] is that every company in the world can have the same level of software delivery sophistication as a Google or Amazon or Facebook,” Bansal said.

Bansal founded AppDynamics, a company he sold to Cisco in 2017 for $3.7 billion. He launched Harness later that same year. The company has raised almost $80 million on a valuation of $500 million, according to PitchBook data.

Bansal also started the venture capital firm Unusual Ventures in 2018 and, as though he doesn’t have enough to do, he launched his third startup, Traceable, a security company, in July.

Powered by WPeMatico

The great stink in software pipelines

Greg Law
Contributor

Greg Law is the co-founder and CTO at Undo.io, a software failure replay platform provider.

It’s the summer of 1858. London. The River Thames is overflowing with the smell of human and industrial waste. The exceptionally hot summer months have exacerbated the problem. But this did not just happen overnight. Failure to upkeep an aging sewer system and a growing population that used it contributed to a powder keg of effluent, bringing about cholera outbreaks and shrouding the city in a smell that would not go away.

To this day, Londoners still speak of the Great Stink. Recurring cholera infections led to the dawn of the field of epidemiology, a subject in which we have all recently become amateur enthusiasts.

Fast forward to 2020 and you’ll see that modern software pipelines face a similar “Great Stink” due, in no small part, to the vast adoption of continuous integration (CI), the practice of merging all developers’ working copies into a shared mainline several times a day, and continuous delivery (CD), the ability to get changes of all types — including new features, configuration changes, bug fixes and experiments — into production, or into the hands of users, safely and quickly in a sustainable way.

While contemporary software failures won’t spread disease or emit the rancid smells of the past, they certainly reek of devastation, rendering billions of dollars lost and millions of developer hours wasted each year.

This kind of waste is antithetical to the intent of CI/CD. Everyone is employing CI/CD to accelerate software delivery; yet the ever-growing backlog of intermittent and sporadic test failures is doing the exact opposite. It’s become a growing sludge that is constantly being fed with failures faster than can be resolved. This backlog must be cleared to get CI/CD pipelines back to their full capabilities.

What value is there in a system that, in an effort to accelerate software delivery, knowingly leaves a backlog of bugs that does the exact opposite? We did not arrive at these practices by accident, and its practitioners are neither lazy nor incompetent so; how did we get here and what can we do to temper modern software development’s Great Stink?

Ticking time bombs

Powered by WPeMatico

Docker expands relationship with Microsoft to ease developer experience across platforms

When Docker sold off its enterprise division to Mirantis last fall, that didn’t mark the end of the company. In fact, Docker still exists and has refocused as a cloud-native developer tools vendor. Today it announced an expanded partnership with Microsoft around simplifying running Docker containers in Azure.

As its new mission suggests, it involves tighter integration between Docker and a couple of Azure developer tools including Visual Studio Code and Azure Container Instances (ACI). According to Docker, it can take developers hours or even days to set up their containerized environment across the two sets of tools.

The idea of the integration is to make it easier, faster and more efficient to include Docker containers when developing applications with the Microsoft tool set. Docker CEO Scott Johnston says it’s a matter of giving developers a better experience.

“Extending our strategic relationship with Microsoft will further reduce the complexity of building, sharing and running cloud-native, microservices-based applications for developers. Docker and VS Code are two of the most beloved developer tools and we are proud to bring them together to deliver a better experience for developers building container-based apps for Azure Container Instances,” Johnston said in a statement.

Among the features they are announcing is the ability to log into Azure directly from the Docker command line interface, a big simplification that reduces going back and forth between the two sets of tools. What’s more, developers can set up a Microsoft ACI environment complete with a set of configuration defaults. Developers will also be able to switch easily between their local desktop instance and the cloud to run applications.

These and other integrations are designed to make it easier for Azure and Docker common users to work in in the Microsoft cloud service without having to jump through a lot of extra hoops to do it.

It’s worth noting that these integrations are starting in Beta, but the company promises they should be released some time in the second half of this year.

Powered by WPeMatico

CircleCI launches improved AWS support

For about a year now, continuous integration and delivery service CircleCI has offered Orbs, a way to easily reuse commands and integrations with third-party services. Unsurprisingly, some of the most popular Orbs focus on AWS, as that’s where most of the company’s developers are either testing their code or deploying it. Today, right in time for AWS’s annual re:Invent developer conference in Las Vegas, the company announced that it has now added Orb support for the AWS Serverless Application Model (SAM), which makes setting up automated CI/CD platforms for testing and deploying to AWS Lambda significantly easier.

In total, the company says, more than 11,000 organizations started using Orbs since it launched a year ago. Among the AWS-centric Orbs are those for building and updating images for the Amazon Elastic Container Services and the Elastic Container Service for Kubernetes (EKS), for example, as well as AWS CodeDeploy support, an Orb for installing and configuring the AWS command line interface, an Orb for working with the S3 storage service and more.

“We’re just seeing a momentum of more and more companies being ready to adopt [managed services like Lambda, ECS and EKS], so this became really the ideal time to do most of the work with the product team at AWS that manages their serverless ecosystem and to add in this capability to leverage that serverless application model and really have this out of the box CI/CD flow ready for users who wanted to start adding these into to Lambda,” CircleCI VP of business development Tom Trahan told me. “I think when Lambda was in its earlier days, a lot of people would use it and they would use it and not necessarily follow the same software patterns and delivery flow that they might have with their traditional software. As they put more and more into Lambda and are really putting a lot more what I would call ‘production quality code’ out there to leverage. They realize they do want to have that same software delivery capability and discipline for Lambda as well.”

Trahan stressed that he’s still talking about early adopters and companies that started out as cloud-native companies, but these days, this group includes a lot of traditional companies, as well, that are now rapidly going through their own digital transformations.

Powered by WPeMatico

Idera acquires Travis CI

Travis CI, the popular Berlin-based open-source continuous integration service, has been acquired by Idera, a company that offers a number of SQL database management and administration tools for both on-premises and cloud applications. The move comes at a time when other continuous integration services, including the likes of Circle CI, seem to be taking market share away from Travis CI.

Idera, which itself is owned by private equity firm TA Associates, says that Travis is complementary to its current testing tools business and that the acquisition will benefit its current customers. Idera’s other tools in its Testing Tools division are TestRail, Ranorex and Kiuwan. “We admire the business value driven by Travis CI and look forward to helping more customers achieve better and faster results,” said Suhail Malhotra, Idera’s General Manager for Travis CI .

Idera clearly wants to move into the DevOps business, and continuous integration is obviously a major building block. This still feels like a bit of an odd acquisition, given that Idera isn’t exactly known for being on the leading edge of today’s technology (if it’s known at all). But Travis CI also brings 700,000 users to Idera, and customers like IBM and Zendesk, so while we don’t know the cost of the acquisition, this is a big deal in the CI ecosystem.

“We are excited about our next chapter of growth with the Idera team,” said Konstantin Haase, a founder of Travis CI, in today’s announcement. “Our customers and partners will benefit from Idera’s highly complementary portfolio and ability to scale software businesses to the next level. Our goal is to attract as many users to Travis CI as possible, while staying true to our open source roots and community.”

That’s pretty much what all founders write (or what the acquiring company’s PR team writes for them), so we’ll have to see how Idera will steer Travis CI going forward.

In his blog post, Haase says that nothing will change for Travis CI users. “With the support from our new partners, we will be able to invest in expanding and improving our core product, to have Travis CI be the best Continuous Integration and Development solution for software projects out there,” he writes and also notes that the Travis CI will stay open source. “This is who we are, this is what made us successful.”

Powered by WPeMatico